Skip to main content

Controlsuite : Why do users deleted in Active Directory remain in Equitrac After Synchronization

Article # 3046809 - Page views: 96


Why do users deleted in Active Directory remain in Equitrac After Synchronization?


In Equitrac 6, after you delete a user in Active Directory (AD) and synchronization occurs, the user is not removed from the Equitrac.

This behaviour occurs if the Equitrac services are configured to run under an account other than a domain administrators account. By default, only domain admin accounts have rights to read accounts that are deleted from Active Directory. NOTE: Running the Equitrac services under an account with domain admin rights is not recommended best practice.

To resolve the issue, at a command prompt run with Domain Administrator credentials, execute the following command :

EQModifyDeletedContainerSecurity.exe -s server -a accountname

Where:  server = the server name of the Active Directory domain controller.

            accountname = the name of the account to be granted access to the deleted users in the form domain\sAMAccountName.

Note: When running CAS and Scheduler as local system ensure the computer is added as the account name in the form domain\computername$

The utility is found in the Equitrac Tools directory on the Equitrac server (in ControlSuite 1.2 and above its %Program Files%\Kofax\Equitrac\Tools).  

Please refer to Directory synchronization access permissions ( for more information.


Product Version
ControlSuite 1.x


  • Was this article helpful?